diff --git a/modules/servers/general/default.nix b/modules/servers/general/default.nix index 43495e0..f6005fe 100644 --- a/modules/servers/general/default.nix +++ b/modules/servers/general/default.nix @@ -6,5 +6,6 @@ ./secrets.nix ./podman.nix ./additional-pkgs.nix + ./root.nix ]; } diff --git a/modules/servers/general/root.nix b/modules/servers/general/root.nix new file mode 100644 index 0000000..413e9c7 --- /dev/null +++ b/modules/servers/general/root.nix @@ -0,0 +1,5 @@ +{config, ...}: { + users.users.root = { + hashedPasswordFile = "${config.age.secrets.root-passwd.path}"; + }; +} diff --git a/modules/servers/general/secrets.nix b/modules/servers/general/secrets.nix index edf22d0..935a8bb 100644 --- a/modules/servers/general/secrets.nix +++ b/modules/servers/general/secrets.nix @@ -5,6 +5,12 @@ file = ../../../secrets/traefik.age; owner = "traefik"; }; + crony-passwd = { + file = ../../../secrets/crony-passwd-servers.age; + }; + root-passwd = { + file = ../../../secrets/root-passwd.age; + }; }; }; } diff --git a/modules/servers/general/user.nix b/modules/servers/general/user.nix index 672f925..6399bdb 100644 --- a/modules/servers/general/user.nix +++ b/modules/servers/general/user.nix @@ -1,6 +1,6 @@ -{...}: { +{config, ...}: { users.users.crony = { - password = "whatever i will change it right away"; + hashedPasswordFile = "${config.age.secrets.crony-passwd.path}"; isNormalUser = true; description = "crony"; extraGroups = [ diff --git a/secrets/conduit.age b/secrets/conduit.age index 806868a..ab4241f 100644 Binary files a/secrets/conduit.age and b/secrets/conduit.age differ diff --git a/secrets/crony-passwd-servers.age b/secrets/crony-passwd-servers.age new file mode 100644 index 0000000..22a6a49 --- /dev/null +++ b/secrets/crony-passwd-servers.age @@ -0,0 +1,18 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw uE50KrXeVqboQgR3E4jBMyEY1Eag0iYyBqsFcNq46kA +L0hB1KJ/93ZoGJA82sFK/yCp6Iqw3jGqCOs6jZg7fM8 +-> ssh-ed25519 6+hQpQ IBPIcFcduVkdO8eBZ+JnBaDGkB6BRVSKNz1JrR154Gk +25Qa1YvB3MjwmRFuoHCPvEn/sjc14Em+cokMEKy0OGk +-> ssh-ed25519 l/ODWA +6i2fEJzr3pwkfL/vLQcCEi8uInG44Ki89PJVN72WAg +eI03G48J5JGKGGfMnVTy6i7yki4s5WAtx9KjTWJx+tg +-> ssh-ed25519 7+5K3Q Z8Vcpm8f5wqyVuK5iGGOVWzB2uH/PfiW5+AF2h8wZFc +jUuXzfNFTcI0775pp2j2QHntrcNHG47T4QT00qxZ3WU +-> ssh-ed25519 Ow0TGw OLfB0cEoQCEbCy3qKtIk0srwSJYt8BdxO4QcWcEziCo +KipTui0UB//I1ktebLzrursmtnhijEsJ7OqF51QRI2A +-> ssh-ed25519 cEINMA I3KqLlTXhxMDx/m3kot4H7FQqWvYGlh9VlKYYjeWmlc +3VYcLSHU6lDRUgQDLW32jVYiZW6NhNfFcKU15KZqSNI +-> ssh-ed25519 fd/ZLQ LCpZ1/kZk0wcoqVyga0dKwheZbG64wUZhNjVlzxsJVM +gj8tePLX1WKR6tPdE9ii9zKiqXDC3nCpVYES+YVKuUM +--- 0+ou8pl8fJW8xWQeJ1v0ALJmt/GVi/hjVYY/q/Az574 +8@`HHDp\0~`Hg\S"䴏nb-ּp.F/]bـa`b0nNp^+b ssh-ed25519 2P4nKw SRZ46jEyxBUlfg+t25OcceZlxftixfwhZrGnMyhu8Tw +khskBqjrEszMI8aV/DmDygqAii1SwpFKsn6luSssEgY +-> ssh-ed25519 6+hQpQ k3Cz7H4EK/kgHycD+5KopNxaKCfGNrE8uAgbrIl1fyM +tyvq6xS11MahN4CFQLKnQQvo0cMAFkbBP942gPsQM4Y +-> ssh-ed25519 l/ODWA d3/L4FVQbcB9bx8gkwfSEW50h1fjJXuWNL5AVH73Vnw +l08tXj6+7lnPiJcJn5VQfxJiOD8qV+5wCB/XMtPmFDE +-> ssh-ed25519 7+5K3Q BEblcFpA0JHJWHHPyElzJpfYVOK35+cG9Io/LXVPwEk +SwHqJU0pWLDxWPLoVBT8B/v41uEVxGckRCF6vj/NgGA +-> ssh-ed25519 Ow0TGw Hkn4XZMDAJEF1agRN3tVwyNmCXiuvlcgcN+/dUbYKAg +uf6f5PcIHdzsxF0LyrXkkConGCARZW3ORw9S5TCl+nw +-> ssh-ed25519 cEINMA InM7UKDH5j86IKxEp7NjXbitrwNg++oUrWwURs3fuhc +HdRySiqzff23IGwLIAuaxYO7gp7vN+eegNVWB/ds9EM +-> ssh-ed25519 fd/ZLQ wPaoRwfInUvsNhrjV3QLy8akQXAE1Z/xaAO6V0Z8aFE +bn+bdfqKzm1H/gLTWD+6Iu4ccCJfmUEA6dCYu9ixdeI +--- VzTkVf1tEmnZ1qLDsMHndgjkTRBCMnasQx3NbWSw/y4 + ͒ ƵqX7/4 WUw䱦QO+TF;f1TDeqYo?d,l7t֩,+u(f1 \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3cf4326..55f5bc1 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -25,4 +25,7 @@ in { "conduit.age".publicKeys = systems ++ users; "searx.age".publicKeys = systems ++ users; "miniflux.age".publicKeys = systems ++ users; + "crony-passwd-desktop.age".publicKeys = systems ++ users; + "crony-passwd-servers.age".publicKeys = systems ++ users; + "root-passwd.age".publicKeys = systems ++ users; }